Slow connections (something other than packet fragmentation?)

Peter Brant peter.brant at gmail.com
Mon Apr 27 14:11:04 PDT 2015


Hi all,

We're trying to switch from vpnc to openconnect. I can connect fine,
but the connection is extremely slow (about 1Mb/sec compared with
about 15Mb/sec with vpnc).

From searching the archives, it looks like the typical cause of this
is packet fragmentation. I've experimented with setting --mtu=xxx for
various values between 500 and 1400 with no change either for the
better or worse.

Should I see the value I set there somewhere in the output for ifconfig?

I do see an MTU of 1406 for tun0 and vpn0. Ping times to an internal
address with the VPN connected for ping -s 1378 (1406) and ping -s
1379 (1407) do indeed double. Ping times for -s < 1378 are normal
(unchanged from before).

Also, with --verbose output, I see something like

Attempt new DTLS connection
Send CSTP DPD
No work to do; sleeping for 15000 ms...
Got CSTP DPD response
No work to do; sleeping for 20000 ms...
DTLS handshake timed out
DTLS handshake failed: 2

every two minutes or so. Starting openconnect with --no-dtls
predictably removes the above. Performance is unchanged.

Capturing the SSL traffic with tcpdump looks unsuspicious to my
relatively inexperienced eye.

The OpenConnect version is 5.02, running on Linux Mint 17 / Ubuntu
14.04.1.  I'm not sure of the hardware / software version on the other
side, but can easily find out.

Is there other information that would be helpful?

Thanks very much for any ideas.

Peter
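
An added example, not part of the original post: a shell function that binary-searches the largest ICMP payload that gets through with Don't Fragment set, then adds the 28 bytes of IPv4 and ICMP header to give the packet size (the same relation as ping -s 1378 and 1406 above). The function names, the search bounds 500 to 1472 and the host argument are assumptions; `-M do` is the Linux iputils ping option.

```sh
#!/bin/sh
# Added example: find the largest ICMP payload that passes unfragmented.
# Function names and search bounds are hypothetical, not from the post.

IP_ICMP_OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP header

# Real probe: one echo request with Don't Fragment set (Linux iputils ping).
probe_ping() {   # usage: probe_ping HOST SIZE
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# Binary search over [LO, HI] for the largest payload the probe accepts.
# Prints that payload size; returns 1 if even LO fails.
find_max_payload() {   # usage: find_max_payload PROBE HOST LO HI
    _probe=$1; _host=$2; _lo=$3; _hi=$4
    "$_probe" "$_host" "$_lo" || return 1
    while [ "$_lo" -lt "$_hi" ]; do
        _mid=$(( (_lo + _hi + 1) / 2 ))   # round up so the loop terminates
        if "$_probe" "$_host" "$_mid"; then
            _lo=$_mid
        else
            _hi=$(( _mid - 1 ))
        fi
    done
    echo "$_lo"
}

# Convert an ICMP payload size to the full IPv4 packet size.
payload_to_packet() { echo $(( $1 + IP_ICMP_OVERHEAD )); }

# Runs only when a host is given on the command line.
if [ "$#" -ge 1 ]; then
    if p=$(find_max_payload probe_ping "$1" 500 1472); then
        echo "largest unfragmented payload: $p bytes"
        echo "IPv4 packet size: $(payload_to_packet "$p") bytes"
    else
        echo "no reply even at 500 bytes" >&2
        exit 1
    fi
fi
```

Run it with the VPN up against an internal address and compare the reported packet size with the MTU that ifconfig shows for the tunnel interface.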



More information about the openconnect-devel mailing list